Enabling Neutron advanced services
IBM® Cloud Manager with OpenStack does not enable virtual private network-as-a-service (VPNaaS) by default and does not support firewall-as-a-service (FWaaS). Use this information to enable VPNaaS.
Procedure
Enable VPNaaS.
To enable VPNaaS, change the
following JSON attributes in your environment file.
- Under override_attributes.openstack.network.enable_vpn,
change the value to true.
"enable_vpn": true, - Under override_attributes.openstack.network.service_plugins,
add the VPNaaS service plug-in.
"service_plugins": [ "neutron.services.l3_router.l3_router_plugin.L3RouterPlugin", "neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin", "neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin" ], - Under override_attributes.openstack.network.service_provider,
add the VPNaaS service provider.
"service_provider": [ "LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default", "VPN:vpnaas:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default" ], - Update override_attributes.openstack.network.vpn.vpn_device_driver to ['neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver'].
- Update override_attributes.openstack.network.platform.vpn_device_driver_packages to 'strongswan'.
- Add override_attributes.openstack.network.platform.vpn_device_driver_services to "empty
string", like the following example:
"vpn_device_driver_services": [ ]
What to do next
Note:
- Ensure L3 is disabled when VPN is enabled, or there might be a potential conflict or synchronization problem between the L3 and VPN agents.
- If the service is not enabled, ensure that the service plug-in and service provider are not added or there will be Neutron server problems.
- Neutron firewall-as-a-service (FWaaS) and metering is not supported in IBM Cloud Manager with OpenStack 4.3.
- IBM Cloud Manager with OpenStack version 4.3 supports Neutron load balancer as a service (LBaaS) version 1 command only. The version 2 LBaaS command is not supported.